In a bid to further strengthen its payment network, independent mobile payments platform MobiKwik has launched its first bug bounty program, aimed squarely at strengthening its cybersecurity efforts in the field of digital payments. This is in line with similar efforts by numerous valley-based upstarts like Facebook, Google and others, which have successfully plugged several security loopholes through their respective bug bounty initiatives.
With over 25 million users and 50,000 retail partners on board, including the likes of Big Bazaar, Uber, and IRCTC, MobiKwik aims to further strengthen its hold over the digital payments ecosystem in India by making its platforms more robust.
Speaking about the bug bounty program, Bipin Preet Singh, CEO, said,
"With the introduction of the bug bounty program, we are now taking a crucial step forward in further strengthening the security of our wallet. We encourage security researchers and bug hunters to reach out to us and make a responsible disclosure when they detect any vulnerabilities."
The bug bounty program seeks to address crucial security flaws such as Cross-Site Scripting (XSS), SQL injection, misuse or unauthorized use of MobiKwik’s APIs, improper TLS protection and leaking of sensitive customer data (especially anything in the scope of PCI).
Bug bounty programs are common outside India, where tech companies generously reward security researchers and white hat groups for identifying potential security threats in their networks.
However, it is ironic that while Indians reportedly identified the largest number of valid bugs in the last two years for Facebook, most Indian firms have so far refused to acknowledge, and sometimes even threatened, the so-called white hat hackers for identifying security threats in their networks.
Thankfully, the trend is changing, and bug bounty programs are slowly gaining strength with the emergence of tech startups and reports of security breaches in their networks. Cases in point are the hacking of accounts on the Gaana, Ola, and Zomato networks last year.
Having seen the gradual rise of security threats against tech platforms in the last year, MobiKwik’s full-fledged bounty program seeks to find gaps in the system and patch them immediately. Bug hunters will not only be recognized for their efforts but also rewarded in accordance with the severity of the bugs highlighted.
Security researchers can report vulnerabilities to email@example.com. When a bug is discovered, MobiKwik’s security team will analyze the flaw and issue a patch for it in the shortest possible time. Depending on eligibility, bug hunters stand to earn cash rewards from MobiKwik.
The minimum reward or bounty is ₹1000, while there is no upper limit on the reward. Each bug is awarded a bounty based on its severity, scope and exploit level, and successful bug reporters will be listed on MobiKwik’s Wall of Fame.
Another mobile wallet startup, PayTm, rewards developers for spotting bugs, whereas Ola was the first Indian company to launch a first-of-its-kind, full-fledged bug bounty program in the Indian tech ecosystem.